Security News

Facebook may be forced to stop sending data about its European users to the U.S., in the first major fallout from a recent court ruling that found some trans-Atlantic data transfers don't protect users from American government snooping. The social network said Wednesday that Ireland's Data Protection Commission has started an inquiry into how Facebook shifts data from the European Union to the United States.

Facebook has been reportedly asked to stop sending data from Ireland to the US, on orders from the EU. This is according to a report from the Wall Street Journal, which said that Irish eyes won't be smiling come this Fall after a preliminary order to suspend data transfers to the US about its users was sent to Mark Zuckerberg's firm by the Irish Data Protection Commission. The news comes in the wake of an EU court ruling two months ago that transatlantic data protection arrangements - known as Privacy Shield - were "Inadequate".

Lawyers for WikiLeaks founder Julian Assange on Monday failed to persuade a British judge to throw out new US allegations against him, as he resumed his fight to avoid extradition to the United States for leaking military secrets. Inside, Assange's lawyers sought to "Excise" new allegations lodged by Washington in recent weeks, saying they had not had time to formulate a proper response.

The United States has revoked visas of more than 1,000 Chinese students and researchers under an order by President Donald Trump that accused some of them of espionage, the State Department said Wednesday. Trump, in a May 29 proclamation as tensions rose with Beijing on multiple fronts, declared that some Chinese nationals officially in the United States for study have stolen intellectual property and helped modernize China's military.

Space systems and their supporting infrastructure, including software, should be developed and operated using risk-based, cybersecurity-informed engineering. Space systems should be developed to continuously monitor, anticipate,and adapt to mitigate evolving malicious cyber activities that could manipulate, deny, degrade, disrupt,destroy, surveil, or eavesdrop on space system operations.

A Swiss federal commissioner announced Tuesday that a U.S.-Swiss program aimed to protect personal information exchanged between the two countries doesn't go far enough, and has downgraded the United States to rank it as a country deemed to have inadequate data protection. Federal Data Protection and Information Commissioner Adrian Lobsiger, in a new policy paper, recommends that Swiss companies or government should disclose personal data to the U.S. only if safeguards are put in place to protect people from prying U.S. authorities.

September sees a bundle of 129 CVE-listed flaws patched by Microsoft. Of the nearly two-dozen critical patches, Zero Day Initiative's Dustin Childs says that far and away the most serious is CVE-2020-16875, a memory object error in Exchange Server that allows a poisoned email to execute code with System clearance.

The US Federal Communications Commission says that performing a full replacement of all Huawei and ZTE hardware on American wireless networks will cost $1.837bn in total. According to the FCC, the $1.837bn figure is the cost to the carriers themselves as they remove and replace their Huawei and ZTE hardware with gear from other vendors who have been approved by the government.

Voatz, the maker of a blockchain-based mobile election voting app pilloried for poor security earlier this year, has urged the US Supreme Court not to change the 1986 Computer Fraud and Abuse Act, a law that critics say inhibits security research because it's overly broad. The app maker filed an amicus brief [PDF] on Thursday in Van Buren v. United States in support of the US government, which seeks to uphold the 2017 conviction of former Georgia police officer Nathan Van Buren under the CFAA. Van Buren was convicted of violating the CFAA for conducting a computer search for a license plate number. Coincidentally, its app was slammed in February by computer scientists for a variety of security flaws.

It's been a long time coming, and while some might view the decision as a slap for officials that defended the practice, the three-judge panel said the part played by the NSA programme wasn't sufficient to undermine the convictions of four individuals for conspiring to send funds to Somalia in support of a terrorist group. Snowden made public the existence of the NSA data collection programmes in June 2013, and by June 2015 US Congress had passed the USA FREEDOM Act, "Which effectively ended the NSA's bulk telephony metadata collection program," according to the panel.